This project's continuity is at risk. If Internet routing security is important to you, throw a lifeline! Please donate to the 2026 fundraising campaign.

Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/U74ViGODTud33ngPAmj4w73NK6o.roa
File:                     U74ViGODTud33ngPAmj4w73NK6o.roa (raw, json)
Hash identifier:          8g7ud1guSPB+L+sklXn8DfQQ/RtzcbmpgZcJ8hWX/2M=
Subject key identifier:   53:BE:15:88:63:83:4E:E7:77:DE:78:0F:02:68:F8:C3:BD:CD:2B:AA
Certificate issuer:       /CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
Certificate serial:       019B7E3826E1931DFF0DFEBB1A730E7607A2
Authority key identifier: 63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/U74ViGODTud33ngPAmj4w73NK6o.roa
Signing time:             Fri 02 Jan 2026 10:19:27 +0000
ROA not before:           Fri 02 Jan 2026 10:19:27 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     200017
IP address blocks:        109.107.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 20 Jan 2026 18:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9b:7e:38:26:e1:93:1d:ff:0d:fe:bb:1a:73:0e:76:07:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6363bb65895f3a54a4b324a10c79ac98efe2a1ca
        Validity
            Not Before: Jan  2 10:19:27 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=53be158863834ee777de780f0268f8c3bdcd2baa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:8a:12:ec:b3:70:a7:95:f6:57:8c:2b:5d:69:
                    43:e0:f0:9a:f0:a9:2f:6a:c2:97:77:d6:a5:1d:8e:
                    21:a6:92:0e:f6:2c:8c:a5:ec:ac:5f:b5:f8:82:35:
                    b4:c1:64:ca:61:6f:e3:4c:18:9e:fe:9b:b5:8e:01:
                    0d:61:86:88:be:ac:ac:7f:f3:e1:30:59:ea:72:d9:
                    7d:c9:99:e6:0a:b2:e3:54:9d:53:65:a2:99:c2:2d:
                    43:92:36:b7:0a:42:66:93:eb:43:7e:4b:d0:1b:5f:
                    a3:54:e9:46:c7:1d:fc:64:d9:c9:c8:6d:fb:1e:f2:
                    e6:a9:ec:66:06:45:84:1b:ac:bd:d5:36:c7:02:91:
                    98:6a:fe:67:ea:2b:8f:2d:52:69:9f:a9:7e:37:3a:
                    a2:59:1d:d0:b3:b3:68:2e:99:48:2f:94:88:c3:fa:
                    dc:a7:e8:db:19:d6:e2:2b:1e:fd:44:36:6c:7d:a5:
                    24:69:dc:f3:49:3d:34:5f:c1:5a:68:df:30:c5:0f:
                    86:9a:cc:07:76:fc:17:cf:b0:9d:14:8b:b1:ab:2a:
                    eb:c3:4a:fc:bc:87:b3:78:c7:b2:fb:89:26:6a:03:
                    74:72:43:c8:91:3f:00:56:b9:12:50:1d:a7:ea:96:
                    b0:00:48:6b:7e:b6:14:08:95:29:e0:51:36:74:3b:
                    83:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:BE:15:88:63:83:4E:E7:77:DE:78:0F:02:68:F8:C3:BD:CD:2B:AA
            X509v3 Authority Key Identifier:
                keyid:63:63:BB:65:89:5F:3A:54:A4:B3:24:A1:0C:79:AC:98:EF:E2:A1:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2O7ZYlfOlSksyShDHmsmO_ioco.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/U74ViGODTud33ngPAmj4w73NK6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/db9bf1-e019-45a4-8663-a6ca454db2d7/1/Y2O7ZYlfOlSksyShDHmsmO_ioco.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.107.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:08:43:88:4d:9e:3d:1f:c8:9b:1e:14:7a:94:74:de:20:3f:
         fe:3c:82:8c:8a:e7:a0:a2:78:ad:6f:07:58:97:49:f9:17:94:
         58:5e:c4:a1:a2:8b:0e:b2:b7:e9:ab:5e:d8:74:d8:11:ff:a4:
         65:61:d4:42:b6:a6:04:31:b9:6a:54:a3:77:88:76:80:ac:a0:
         59:6c:ee:53:fc:08:1c:1e:ff:8e:cb:51:c4:30:70:bd:10:e6:
         18:51:e1:0c:12:4b:fc:5d:3c:32:dd:6b:78:87:83:56:c8:e0:
         f0:fb:09:50:21:f6:7a:c1:74:cc:56:85:e9:97:e0:35:29:35:
         03:d4:c0:3e:fe:db:7d:bb:4a:0a:4e:b4:34:95:37:e6:1b:94:
         45:8c:53:f4:b5:87:41:43:67:29:08:8c:93:cd:13:f8:cc:68:
         83:cd:0c:79:57:69:a2:13:09:38:e8:fb:bb:b8:9d:d6:0b:7c:
         bc:ac:07:31:aa:24:16:7d:e9:e1:54:e5:97:0e:3f:69:f9:8c:
         38:d8:ec:0e:2d:d0:57:b9:53:f0:98:ea:6b:55:5d:7a:91:68:
         a6:54:a1:1c:be:77:1e:de:da:3c:38:e5:48:b5:67:bd:59:45:
         1a:a9:8a:23:59:9c:d1:6c:ea:13:22:76:ba:94:8c:2a:71:cb:
         d7:11:8c:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZt+OCbhkx3/Df67GnMOdgeiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjNiYjY1ODk1ZjNhNTRhNGIzMjRhMTBjNzlhYzk4ZWZl
MmExY2EwHhcNMjYwMTAyMTAxOTI3WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2JlMTU4ODYzODM0ZWU3NzdkZTc4MGYwMjY4ZjhjM2JkY2QyYmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzIoS7LNwp5X2V4wrXWlD4PCa8Kkv
asKXd9alHY4hppIO9iyMpeysX7X4gjW0wWTKYW/jTBie/pu1jgENYYaIvqysf/Ph
MFnqctl9yZnmCrLjVJ1TZaKZwi1Dkja3CkJmk+tDfkvQG1+jVOlGxx38ZNnJyG37
HvLmqexmBkWEG6y91TbHApGYav5n6iuPLVJpn6l+NzqiWR3Qs7NoLplIL5SIw/rc
p+jbGdbiKx79RDZsfaUkadzzST00X8FaaN8wxQ+GmswHdvwXz7CdFIuxqyrrw0r8
vIezeMey+4kmagN0ckPIkT8AVrkSUB2n6pawAEhrfrYUCJUp4FE2dDuDNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFO+FYhjg07nd954DwJo+MO9zSuqMB8GA1UdIwQY
MBaAFGNju2WJXzpUpLMkoQx5rJjv4qHKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMt
YTZjYTQ1NGRiMmQ3LzEvVTc0VmlHT0RUdWQzM25nUEFtajR3NzNOSzZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9kYjliZjEtZTAxOS00NWE0LTg2NjMtYTZjYTQ1NGRiMmQ3
LzEvWTJPN1pZbGZPbFNrc3lTaERIbXNtT19pb2NvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbWuEMA0G
CSqGSIb3DQEBCwUAA4IBAQAwCEOITZ49H8ibHhR6lHTeID/+PIKMiuegonitbwdY
l0n5F5RYXsShoosOsrfpq17YdNgR/6RlYdRCtqYEMblqVKN3iHaArKBZbO5T/Agc
Hv+Oy1HEMHC9EOYYUeEMEkv8XTwy3Wt4h4NWyODw+wlQIfZ6wXTMVoXpl+A1KTUD
1MA+/tt9u0oKTrQ0lTfmG5RFjFP0tYdBQ2cpCIyTzRP4zGiDzQx5V2miEwk46Pu7
uJ3WC3y8rAcxqiQWfenhVOWXDj9p+Yw42OwOLdBXuVPwmOprVV16kWimVKEcvnce
3to8OOVItWe9WUUaqYojWZzRbOoTIna6lIwqccvXEYx0
-----END CERTIFICATE-----